From 99bb7af3dadeb4a47189e2659d0094dd34ce907e Mon Sep 17 00:00:00 2001
From: traveler
Date: Fri, 13 Feb 2026 15:46:02 -0600
Subject: [PATCH] vault
---
swarm/consul.yaml | 73 -----------------------------------------------
swarm/vault.yaml | 56 ++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 73 deletions(-)
delete mode 100644 swarm/consul.yaml
create mode 100644 swarm/vault.yaml
diff --git a/swarm/consul.yaml b/swarm/consul.yaml
deleted file mode 100644
index d7076e5..0000000
--- a/swarm/consul.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-version: "3.8"
-
-networks:
- netgrimoire:
- external: true
-
-services:
- consul-server:
- image: hashicorp/consul:latest # Changed from consul:latest
- hostname: "consul-{{.Task.Slot}}"
- command: >
- agent -server
- -bootstrap-expect=3
- -ui
- -client=0.0.0.0
- -bind='{{ GetInterfaceIP "eth0" }}'
- -retry-join=tasks.consul-server
- -datacenter=netgrimoire
- ports:
- - target: 8500
- published: 8500
- protocol: tcp
- mode: host
- - target: 8600
- published: 8600
- protocol: udp
- mode: host
- - target: 8600
- published: 8600
- protocol: tcp
- mode: host
- networks:
- - netgrimoire
- volumes:
- - consul-data:/consul/data
- deploy:
- mode: replicated
- replicas: 3
- placement:
- constraints:
- - node.role == manager
- max_replicas_per_node: 1
- restart_policy:
- condition: any
- delay: 5s
- max_attempts: 3
- window: 120s
- update_config:
- parallelism: 1
- delay: 30s
-
- registrator:
- image: gliderlabs/registrator:latest
- command: >
- -internal
- -retry-attempts=10
- -retry-interval=2000
- consul://tasks.consul-server:8500
- volumes:
- - /var/run/docker.sock:/tmp/docker.sock
- networks:
- - netgrimoire
- depends_on:
- - consul-server
- deploy:
- mode: global
- restart_policy:
- condition: any
- delay: 5s
-
-volumes:
- consul-data:
- driver: local
\ No newline at end of file
diff --git a/swarm/vault.yaml b/swarm/vault.yaml
new file mode 100644
index 0000000..2a8a102
--- /dev/null
+++ b/swarm/vault.yaml
@@ -0,0 +1,56 @@
+services:
+ vault:
+ image: kopia/kopia:latest
+ container_name: kopia
+ hostname: kopia
+ restart: unless-stopped
+ user: "1964:1964"
+ ports:
+ - 51516:51516
+ environment:
+ PUID: 1964
+ PGID: 1964
+ TZ: America/Chicago
+ KOPIA_PASSWORD: F@lcon13
+ KOPIA_SERVER_USERNAME: admin
+ KOPIA_SERVER_PASSWORD: F@lcon13
+ command:
+ - server
+ - start
+ #- --tls-generate-cert
+ - --tls-cert-file=/app/cert/my.cert
+ - --tls-key-file=/app/cert/my.key
+ - --address=0.0.0.0:51515
+ - --server-username=admin
+ - --server-password=F@lcon13
+ volumes:
+ - /DockerVol/vault/config:/app/config
+ - /DockerVol/vault/cache:/app/cache
+ - /DockerVol/vault/cert:/app/cert
+ - /srv/vault/backup:/vault
+ - /DockerVol/vault/logs:/app/logs
+ networks:
+ - netgrimoire
+ deploy:
+ endpoint_mode: dnsrr
+ placement:
+ constraints:
+ - node.hostname == znas
+ labels:
+ diun.enable: "true"
+ homepage.group: "Backup"
+ homepage.name: "Vault"
+ homepage.icon: "kopia.png"
+ homepage.href: "https://vault.netgrimoire.com"
+ homepage.description: "Snapshot backup and deduplication"
+ kuma.kopia.http.name: "Kopia Web"
+ kuma.kopia.http.url: "http://vault:51515"
+ # Optional Caddy reverse proxy
+ caddy: kopia.netgrimoire.com
+ caddy.import: authentik
+ caddy.reverse_proxy: "vault.netgrimoire.com:51516"
+
+
+networks:
+ netgrimoire:
+ external: true
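Review bot: The repository password and the server password are committed in clear text in `environment:` (`KOPIA_PASSWORD`, `KOPIA_SERVER_PASSWORD`) and the server password is repeated in `command:` as `--server-password=...`, so the same value protects both the web/API login and the backup repository encryption and is now in git history. Anything passed as a command argument is also readable through `docker inspect` and the process list on the node, so I would drop the `--server-password` and `--server-username` flags (the `KOPIA_SERVER_*` variables already carry them) and supply the values at deploy time, for example `KOPIA_PASSWORD: "${KOPIA_PASSWORD}"` and `KOPIA_SERVER_PASSWORD: "${KOPIA_SERVER_PASSWORD}"` or a Docker secret, using two different passwords and rotating the committed one. Separately, `ports:` publishes `51516:51516` and the Caddy label proxies to `:51516`, while the server listens on `--address=0.0.0.0:51515`; unless something outside this file maps the two, the published port reaches nothing. `image: kopia/kopia:latest` is unpinned for a service that holds the backup keys; a fixed tag or digest would make upgrades deliberate.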